John Sabo
Director, Global Government relations
CA, Inc. and President, ISTPA
john.t.sabo@ca.com
Michael Willett
President, WillettWorks Technology
and Board member, ISTPA
mwillett@nc.rr.com
John Sabo is Director, Global Government Relations for CA, Inc., and serves as an industry expert in the use of security and privacy technologies in trusted infrastructures.
• as “proposers”
• current OASIS members and new members
• use-case development
Privacy principles across three frameworks (table reconstructed from the slide):

OECD Guidelines – 1980          Australian Privacy Principles – 2001   APEC Privacy Framework – 2005
Collection Limitation           Collection                             Preventing Harm
Data Quality                    Use and Disclosure                     Notice
Purpose Specification           Data Quality                           Collection Limitation
Use Limitation                  Data Security                          Uses of Personal Information
Security Safeguards             Openness                               Choice
Openness                        Access and Correction                  Integrity of Personal Information
Individual Participation        Identifiers                            Security Safeguards
Accountability                  Anonymity                              Access and Correction
                                Trans-border Data Flows                Accountability
                                Sensitive Information
Principles/Legislation/Policies
• Security and Privacy Integration expected
• Compliance, and increased international attention from regulators
Source: NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0
Privacy Management Challenges: Networked Health IT, Business Intelligence

[Diagram: PI flows over time from the Individual to Business Applications 1, 2… n, to Processors/Aggregators 1, 2… n, and on to Requestors/Users 1… n. At each hop PI and Policies travel together as PI Objects and PI Policy Objects through PI Collection, PI Use, Aggregation and Linkages.]
• Non-sequential
• Data subject impacted directly and indirectly after initial data collection
• Supported by security mechanisms: Identity Lifecycle, Access, Federation, Data resource protection, Audit, Encryption… etc.
• Supported by… ??????
• Need to support use cases where PI is disassociated from the data collector and the individual’s control
• Information life cycle beyond the collector
• Policy changes in the future
Security Foundation
Legal, Regulatory, and Policy Context
Copyright © 1999-2010 International Security Trust and Privacy Alliance (ISTPA)
Privacy SERVICES
Any two touch points in the PI life cycle

[Diagram: two Agents, one at each touch point, each with its own Interaction, Agreement, Control and Usage services and its own PI, Preferences & PI Container (PIC) Repository; Access connects the two sides. Assurance Services: Validation, Certification, Audit, Enforcement. Layered on the Security Foundation and the Legal, Regulatory, and Policy Context.]
Simple Use Case
Employer application like Payroll that requests certain PI
from an employee…
Payroll AGENT and INTERACTION: a NOTICE of the purpose/use of the requested PI is presented to the Employee. The PI, together with the permissible purpose/use, is stored in the PI database by CONTROL and transferred to Payroll, where the PI is submitted for VALIDATION and stored in the PI database by CONTROL.

[Diagram: Employee and Payroll, with NOTICE flowing from Payroll to the Employee and PI flowing from the Employee’s PIC to Payroll’s PI database.]
Managing Networked-Interactive Data Flows

[Diagram: PI flows over time from the Individual to Business Applications 1, 2… n, to Processors/Aggregators 1, 2… n, and on to Requestors/Users 1… n.]

TWO EXAMPLES
Agreement
The Agreement Service provides information to individuals regarding
what PI is collected, for what purposes it will be used,
other policies and options associated with the collection and use,
and can result in consent, denial or an agreement among the parties.
The Agreement Service also enables any set of parties (individuals,
processing entities) to define agreements related to policies,
use and disposition associated with the PI at points throughout the PI
lifecycle.
Control
The Control Service encompasses the functions that work together
to ensure that PI governed by fair information practices/principles
is managed in accordance with prescribed privacy policies and controls.
These functions are established, maintained and manipulated by a
processing entity.
Example: Agreement Functions

PROCESS Agreement parameters    Exchange initial parameters related to a potential agreement between parties
PROCESS Agreement exchange
PROCESS Agreement interchange
SECURE Agreement                Invoke security controls in support of Agreement functions, as appropriate

Example: Control Functions

SECURE Control                  Invoke security controls in support of Control functions, as appropriate
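To make the Agreement, Control and Validation services concrete, here is an added example that walks the payroll use case above in code. It is not ISTPA or OASIS code; the class names, the purpose strings (salary_payment, tax_reporting, marketing), the validation rules and the sample PI are all constructed for illustration. The point it shows is purpose binding: PI leaves the employee only after consent, only the attributes named in the notice are collected, and the Control service releases the PI only for a purpose the employee agreed to, recording every decision for audit.

```python
# Added example: a toy model of the Agreement, Validation and Control services
# in the payroll use case. Not ISTPA or OASIS code; names and rules are constructed.
from dataclasses import dataclass
import re
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Notice:
    """NOTICE presented by the Payroll agent: who asks, for which PI, for what purposes."""
    requester: str
    requested_attributes: FrozenSet[str]
    purposes: FrozenSet[str]


@dataclass
class PIContainer:
    """PI container (PIC): PI bound to the purposes the employee agreed to."""
    subject: str
    attributes: Dict[str, str]
    permitted_purposes: FrozenSet[str]
    collected_by: str


class AgreementService:
    """Presents the notice and turns consent into a purpose-bound PI container."""

    def conclude(self, subject: str, supplied: Dict[str, str], notice: Notice,
                 consent: bool) -> Optional[PIContainer]:
        if not consent:
            return None  # denial: no PI leaves the individual
        # Collection limitation: only the attributes the notice asked for are kept.
        kept = {k: v for k, v in supplied.items() if k in notice.requested_attributes}
        return PIContainer(subject, kept, notice.purposes, notice.requester)


class ValidationService:
    """Checks PI quality before it is committed to the processor's repository."""
    # Constructed rules: which attributes are required and what shape they must have.
    RULES = {
        "employee_id": re.compile(r"^E\d{4}$"),
        "bank_account": re.compile(r"^\d{8}$"),
    }

    def validate(self, pic: PIContainer) -> List[str]:
        problems = []
        for name, pattern in self.RULES.items():
            value = pic.attributes.get(name)
            if value is None:
                problems.append(f"missing {name}")
            elif not pattern.match(value):
                problems.append(f"malformed {name}")
        return problems


class ControlService:
    """Repository plus policy enforcement: PI is released only for permitted purposes."""

    def __init__(self) -> None:
        self.repository: Dict[str, PIContainer] = {}
        self.audit: List[str] = []  # one entry per access decision

    def store(self, pic: PIContainer) -> None:
        self.repository[pic.subject] = pic

    def use(self, subject: str, purpose: str) -> Optional[Dict[str, str]]:
        pic = self.repository.get(subject)
        allowed = pic is not None and purpose in pic.permitted_purposes
        self.audit.append(f"{subject}:{purpose}:{'allow' if allowed else 'deny'}")
        return dict(pic.attributes) if allowed else None


def run_payroll_use_case() -> dict:
    """Walk the use case end to end and return the observable outcomes."""
    notice = Notice("payroll", frozenset({"employee_id", "bank_account"}),
                    frozenset({"salary_payment", "tax_reporting"}))
    # Constructed sample PI; the employee offers more than the notice asks for.
    supplied = {"employee_id": "E0042", "bank_account": "12345678",
                "home_address": "1 Example St"}
    pic = AgreementService().conclude("alice", supplied, notice, consent=True)
    problems = ValidationService().validate(pic)
    control = ControlService()
    if not problems:
        control.store(pic)
    # A second, malformed container shows what VALIDATION rejects.
    bad_pic = PIContainer("carol", {"employee_id": "X1"}, frozenset(), "payroll")
    return {
        "denied_on_refusal": AgreementService().conclude("bob", supplied, notice, False) is None,
        "address_collected": "home_address" in pic.attributes,
        "validation_problems": problems,
        "bad_pi_problems": ValidationService().validate(bad_pic),
        "salary_use": control.use("alice", "salary_payment"),
        "marketing_use": control.use("alice", "marketing"),
        "audit": control.audit,
    }


if __name__ == "__main__":
    for key, value in run_payroll_use_case().items():
        print(f"{key}: {value}")
```

The audit list is what makes a later "policy changes in the future" question answerable: every release of PI is tied to the purpose it was released for, so a change in the permitted purposes can be checked against what was actually done.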
Where Does the Reference Model Fit?

[Diagram: Privacy Principles and a Selection of Privacy Laws and Policies lead to Privacy Requirements; the Privacy Management Reference Model supplies the Privacy Services and Functions; a Selection of Reference Model Services and Functions, together with the Security Implementation, yields the Privacy and Security Architecture supporting Privacy Principles and Practices.]
Michael Willett
mwillett@nc.rr.com